commit df02902313feb1472bc6ec16e486f72b39e9d4b2
author Faisal Latif <faisal.latif@intel.com> Fri May 21 16:55:03 2010 -0500
committer Roland Dreier <rolandd@cisco.com> Mon May 24 21:12:54 2010 -0700
tree 6cb761596855ce1c34f0314e6e4139f8a75198d0
parent 39942a028c559e39495ae7b29a8dd9b0c3c03003

RDMA/nes: Async event for closed QP causes crash

Under abnormal termination, modify_qp() closes the QP, and async event
(AE) handling also attempts to close the same QP, causing a crash.
Fix this by checking the state of the QP before processing the AE.

Signed-off-by: Faisal Latif <faisal.latif@intel.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>

drivers/infiniband/hw/nes/nes_hw.c

diff --git a/drivers/infiniband/hw/nes/nes_hw.c b/drivers/infiniband/hw/nes/nes_hw.c
index 86acb7d..bb9c775 100644
--- a/drivers/infiniband/hw/nes/nes_hw.c
+++ b/drivers/infiniband/hw/nes/nes_hw.c
@@ -3422,6 +3422,7 @@
 	struct nes_adapter *nesadapter = nesdev->nesadapter;
 	u32 aeq_info;
 	u32 next_iwarp_state = 0;
+	u32 aeqe_cq_id;
 	u16 async_event_id;
 	u8 tcp_state;
 	u8 iwarp_state;
@@ -3449,6 +3450,14 @@
 			le32_to_cpu(aeqe->aeqe_words[NES_AEQE_COMP_QP_CQ_ID_IDX]), aeqe,
 			nes_tcp_state_str[tcp_state], nes_iwarp_state_str[iwarp_state]);
 
+	aeqe_cq_id = le32_to_cpu(aeqe->aeqe_words[NES_AEQE_COMP_QP_CQ_ID_IDX]);
+	if (aeq_info & NES_AEQE_QP) {
+		if ((!nes_is_resource_allocated(nesadapter, nesadapter->allocated_qps,
+				aeqe_cq_id)) ||
+				(atomic_read(&nesqp->close_timer_started)))
+			return;
+	}
+
 	switch (async_event_id) {
 		case NES_AEQE_AEID_LLP_FIN_RECEIVED:
 			if (nesqp->term_flags)